If your main focus is Secuity then I suggest that you study for the CCNA Security and then move onto the CCNP Security track. You can bypass CCNP Routing and Switching altogether if your interest is Security.

Alternatively if you have the spare time you could study for two exams at once, say for example the CCNA Security and CCNP Routing.

You mean there are no prerequisites on taking the CCNA Security exam? I mean you don't need to have a knowledge in CCNP R&S for you to fully grasp the concepts in the CCNA Security curriculum? And regarding on the simulators, is GNS3 enough or do I really need a real gear for the IINS exam?

With regards to GNS3 I suggest you check the objectives of the exam since it's a couple of years since I've studied for it. In the past I've found it to be an excellent study tool for most certs, even for some of the Voice exams.

For what its worth, from my personal experience, CCNA Security was a piece of cake after doing CCNP R&S. Most of the things in CCNA Sec you wind up tinkering with and learning a good deal about anyway on the path to CCNP. But to your main goal, taking the direct route would likely make more sense. If your primary goal is security, in taking CCNP R&S you may find yourself delving into elements of network configuration that may take you away from your primary focus (though the information is powerful and very useful), which leads to my next point.

Now, as I delve into CCNP Sec, though some of the concepts are familiar with respects to CCNA Security, it is MUCH more in-depth with respect to security configurations (I'm on SECURE 642-637), and if you took the direct track you may find that you would have to brush up on a few R&S concepts and how they tie in to securing elements of thr router and switch, but not too much further from where CCNA R&S took you.

I guess what I'm saying is that if you want security, stick to the track. I would only recommend taking the CCNP R&S --> CCNA Security --> CCNP Security track if you have the time for it. I happen to have had the time (been in the industry for almost a decade), but if I was pressed to get my feet planted and rooted in Sec, I would have taken the direct approach.

As for GNS3, it may well be the best tool in your toolbox (until you talk about switching). It made the routing topics and most other topics you will encounter a breeze to grasp. Practice, practice, practice......Lab, lab, lab.....

Thank you all for your responses. @Knox wassup frat? I am glad Karl asked this question as I am studying for CCNA this summer and my interest is security and eventually forensic hacking. I learned what GNS3 is today and have downloaded one as well as studying the CCNA official cert library from Odom with network simulator included. Thanks everyone!

Now, as I delve into CCNP Sec, though some of the concepts are familiar with respects to CCNA Security, it is MUCH more in-depth with respect to security configurations (I'm on SECURE 642-637), and if you took the direct track you may find that you would have to brush up on a few R&S concepts and how they tie in to securing elements of thr router and switch, but not too much further from where CCNA R&S took you.

I guess what I'm saying is that if you want security, stick to the track. I would only recommend taking the CCNP R&S --> CCNA Security --> CCNP Security track if you have the time for it. I happen to have had the time (been in the industry for almost a decade), but if I was pressed to get my feet planted and rooted in Sec, I would have taken the direct approach.

As for GNS3, it may well be the best tool in your toolbox (until you talk about switching). It made the routing topics and most other topics you will encounter a breeze to grasp. Practice, practice, practice......Lab, lab, lab.....

Thanks for the very detailed answer.

I was also thinking the same way as what you've recommended CCNP R&S --> CCNA Security --> CCNP Security.

Since the security exams are refreshed, I guess I should take the v2.0 and focus on CCNP anyway then unto Security.

About GNS3, you mean I can rely on it in preparing for the ROUTE exam?In SWITCH and TSHOOT, will I really need a real switch for it?

And lastly, what is your opinion for the time frame needed to prepare for each exam?

I havent tested all the routers in gns3 with the security labs, because I dont have k9 images for all of them, but last night I was using the 3700 and although the CCP was giving out incompatibility errors it still worked for the lab. Im using the new cisco 1.1 lab book (really ccna sec 2.0 exam). If you study for the current exam which uses sdm, you should not have issues like that.

Ccna sec 1.1 lab book (2.0) has a new chapter that covers ASA5505, and I am anticipating gns's asa to give me problems with that one. I'll let you know. Fortunately I have acces to all the real equiment, but I play with gns3 at home.

Here are the specs for the new ASA topic - (this is from the lab book 1.1, the new chapter, 10)

Note: The routers used with this lab are Cisco 1841 with Cisco IOS Release 12.4(20)T (Advanced IP image).

My Note: if you are using the new curriculum using the ccp, you need to use a 2800 or better router - I am almost certain the 1841 will give you issues using the ccp. I think that was a misprint.

Other routers, switches, and Cisco IOS versions can be used. However, results and output may vary.

The ASA that is used with this lab is a Cisco model 5505 with an 8-port integrated switch, running OS version

8.4(2) and ASDM version 6.4(5) and comes with a Base license that allows a maximum of three VLANs.

Also, you can do the labs without adding the switches - except for the new chapter 10 labs - if you are following the cisco 1.1 labs. You can forego the switches completely in the 1.0 (ccna sec 1.0) lab book.

Im sure keith barker and catherine paquets new books coming out will be in sync with the 1.1 (ccna sec 2.0) lab book. I always recommend the academy lab books, whether you are taking classes or not.

Thanks for that detailed comment Kevin.Do you have a link that will bring me to the router model and specifications? Since I'm not familiar yet with the IOS/Router model because I was using purely PT on my CCNA studies and it will be a good idea if I can review the model/ios specifications.

Not sure which router you mean. For the current exam, if you have real 1841's you are good to go, as long as they have a 12.4 image with "K9" in it - it could be either a security image, or an advanced ip image. SDM runs fine on it, as far as I know.

If you are going to use the new curriculum and take the new 554 exam, you MIGHT be able to get away with using 1841's but Im pretty sure I tried that once, and it gave me some incompatibility messages after CCP did the "discovery" process, and then proceeded to not really work properly. I'll hook up an 1841 tomorrow and check it out again - see how the CCP does with it. Check ebay for prices and images.

In you can get 2 or 3 of 2811's you are good to go for the new exam - I use the CCP on those with no problem.

The academy has no official text book for the security class (like the CCNA 1 - 4 books), but they do publish a paperbound "Course booklet" which is the online ccna security curriculum, in print format, without the graphics and flash (obviously). Then there is the Lab booklet. Amazon has both for cheap.

Kind of hard to advise, since I dont know if you are taking classes or not. Either way, you can still use the academy material, or you could get Kevin Wallaces CCNA security, but I dont know if there is much in the way of Labs in that book. Or you can wait for Keith Barkers and Catherine Paquets new books for the new exam.

Lots of options...oh, then you need an ASA 5505

I harp on the 1841 and 2811 routers because Cisco built the class and labs around those. Other routers, as mentioned, will work, just be careful.

--- getting the right image, and various gns glitches and frustrations that may happen aside ---

YES, GNS3 is enough to study for CCNA security current exam. ASA in GNS may be problematic, if you are doing the new exam . As I said, I ran the 3700 router, with only a warning from CCP that it was not compatible (wrong version of CME, [call manager express], which doesnt matter), but it worked.

Also, funny enough, I just set up a site to site vpn in PT (1841 router), so you can start playing with that if you have it. You can also practice two other objectives in that router, auto secure, and secure boot-image, not to mention all the more mundane security configs we need to know. Im going to see how far I can push packet tracer!

Thanks for your quick respones to my posts, I appreciate it!I have no plans on taking the current exam. I guess I will just take the 554 exam, right now I've decided to go for the CCNP first before delving in the security track.

If you don't mind me asking, can you give me a list of common routers/IOS used in the CCNP course? (including switches)Like the layer 2 switches and layer 3 switches, router/ios model, etc. (just the common)

I'm still confused when I saw something like 5505, 3560, 2960, 2811, 1811, etc. I can't figure out which one is a switch or a router.Sad to say, I don't have any access to real gears and GNS3 is my only hope.

Can you suggest/recommend also the IOS images to use in studying for the CCNP course?